lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080815093513.5ca24c26@lxorguk.ukuu.org.uk>
Date:	Fri, 15 Aug 2008 09:35:13 +0100
From:	Alan Cox <alan@...rguk.ukuu.org.uk>
To:	Theodore Tso <tytso@....edu>
Cc:	Rik van Riel <riel@...hat.com>, Pavel Machek <pavel@...e.cz>,
	"Press, Jonathan" <Jonathan.Press@...com>, davecb@....com,
	Adrian Bunk <bunk@...nel.org>,
	Mihai Don??u <mdontu@...defender.com>,
	linux-kernel@...r.kernel.org, malware-list@...ts.printk.net,
	linux-security-module@...r.kernel.org,
	Arjan van de Ven <arjan@...radead.org>
Subject: Re: [malware-list] [RFC 0/5] [TALPA] Intro to alinuxinterfaceforon
 access scanning

> So if that is the threat model, then the only thing libmalware.so
> doesn't solve is knfsd access, and it should be evaluated on that

And static binaries, and other kernel modular file I/O done on behalf of
applications, and making a library work well which is *hard*, and
labelling and scalability, and sharing a cache between users, and
aggregating events across processes .. and a few other things.

You have a lot of shared state here.

> So let's be real clear, up front, what the threat model is, and avoid
> changing the model around to rule out solutions that don't fit the
> initially preconceived one.  That's how you get to the TSA
> confiscating water bottles in airport security lines.

I don't think this is useful. I don't actually care what the virus folks
want to implement. I would rather see useful general purpose interfaces
that are practical and make sense. I cdon't really care whether people
use the write() system call to do sensible or dumb things. What we should
care about is the write syscall.

There seem so far to be two independent requests

* Noticing a file has recently changed, possibly with information about
changes and possibly being able to aggregate/time that for scalability.
This has a need to be able to accurately reference which file. This is
needed for good content indexing, and virus people want it for certain
kinds of scanning (post write, background etc). Doing this solely as a
final close notifier seems to be insufficient (as it may never close).

* Being able to pause an open pending some action. Examples include HSM
and dubiously some kinds of virus check. Problems here include the fact
it can only meaningfully be done for first open (which is fine for HSM)
and that the notion of an exclusive open, or of repeated clearly defined
open/read-write/close/done sequences are actually quite foreign to Unix
like systems.

We shouldn't need to care what people do with good interface. What
matters is in your airport example is that at the infrastructure level
there is a point you can choose to do scanning and we agree where.
Whether people use this to provide a Starbucks or goons with rubber
gloves who take away babies milk is an application layer problem.

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ